4 replies to this topic

[tsmith35]

The file preg.exe is provided as part of the SourceBoost embedded programming IDE. It is falsely detected as Backdoor.Win32.Bifrose by Ikarus. This file is a required part of the SourceBoost system (it is used to enter PURCHASED license information) and is available as part of the download.


Avira has already removed the false detection.

Password of attached zip file is "ikarus"

****File and links removed by moderator****

As Lynx pointed out, links and suspect files should *not* be posted publicly. There is always a chance that they may have been compromised. As Stapp says, thanks for bringing this to the team's attention.

[Lynx]

Hi tsmith35, welcome to the forum

Please do not ever post neither the links to the downloads in question nor the files

If you want to find out whether the flagged item is an FP submit the entry as described in Submitting suspected False Positives for analysis

Thanks for supplying the password , but the password should be "fp" as in #3 of the referred thread and the archive should not be attached to the post of the public forum

My regards

[stapp]

Hi tsmith35

As Lynx pointed out there is a way of reporting false positives.

However you weren't aware of this perhaps.

Thanks very much anyway for going to the trouble of reporting it as it helps other users and Emsisoft.

[tsmith35]

Hi tsmith35

As Lynx pointed out there is a way of reporting false positives.

However you weren't aware of this perhaps.

Thanks very much anyway for going to the trouble of reporting it as it helps other users and Emsisoft.

Thanks for clearing that up. I thought the forum was the proper way to submit the file, but I will use the method you recommended for any future reports.

[Lynx]

Hi tsmith35,

I submitted the file yesterday late evening and quarantined it
After the latest update few min. ago the file was automatically re-scanned and restored from quarantine, so the FP was confirmed and fixed quite quickly

My regards